Lacework announced new capabilities that enable organizations to
uncover more critical threats to their infrastructure and empower teams to
collaborate more efficiently in alert investigation and response. Lacework has
added fully automated time-series modeling to the existing anomaly detection
capabilities of the Polygraph Data Platform. Using automated learning and
behavioral analytics, the time-series model builds a baseline of the volume and
frequency of activity within a customer's environment and actively
monitors for spikes that deviate from that unique baseline to detect
potential threats such as cryptominer attacks and compromised accounts with
accuracy. Organizations can also proactively discover increased cloud usage due
to misconfigurations - gaining a better understanding of their environment to
help control costs. Lacework does this without the need for constant tuning of
thresholds, significantly reducing both manual work and false positive alerts.
Lacework has also upgraded its alerting experience with features that empower
teams to collaborate more efficiently in alert investigation and response.
The enormous amount of activity in the cloud and adoption of new technology makes it difficult to gain visibility into risks, investigate alerts efficiently, and take action, especially when teams are siloed into different workstreams and tools. Signature and rules-based approaches can't keep pace with this dynamic environment and often overwhelm security teams with thousands of contextless alerts across a range of environments.
Polygraph, the Lacework cloud behavioral analytics engine, uses dozens of models to build a baseline of normal behaviors in the cloud. The time-series model introduces a new dimension of analysis by tracking changes in activity frequency and volume over time in a cloud environment. It works with the existing models to uncover more anomalies with fewer alerts.
Lacework also automatically adjusts the severity of alerts based on continuous learning and a fine-grained understanding of how much the observed behaviors deviate from the predicted baseline for improved accuracy.

According to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew by 350% between 2013 and 2021 with no sign of relief in the next five years. By consolidating alerts into only those that matter and providing security teams with more context about what is happening across their environment, Lacework allows these overburdened teams to uncover more risks and deal with them more efficiently.
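To make the baseline-and-deviation idea described above concrete, here is an added illustration (constructed for this page, not Lacework's model or code): a robust rolling baseline of hourly activity counts, a deviation score against that baseline, and severity tiers scaled by the size of the deviation rather than by a fixed per-metric threshold. The sample series, the window size and the tier cut-offs are assumptions.

```python
"""Constructed illustration of baseline-driven spike detection with
deviation-scaled severity. Not Lacework's model; tiers are assumed."""
from statistics import median


def baseline(history):
    """Robust baseline of a count series: median and median absolute deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # guard a perfectly flat series
    return med, mad


def score(value, history):
    """How far the value sits above the baseline, in robust standard deviations."""
    med, mad = baseline(history)
    return (value - med) / (1.4826 * mad)  # 1.4826 rescales MAD to sigma


def severity(dev):
    """Map deviation magnitude to a tier (illustrative cut-offs, not product values)."""
    if dev >= 12:
        return "critical"
    if dev >= 8:
        return "high"
    if dev >= 5:
        return "medium"
    return None


def detect(series, window=24):
    """Slide a window over hourly counts; the window is the learned baseline.

    Median/MAD are used so that one spike entering the window does not
    inflate the baseline and mask the next one."""
    alerts = []
    for i in range(window, len(series)):
        dev = score(series[i], series[i - window:i])
        tier = severity(dev)
        if tier:
            alerts.append((i, series[i], round(dev, 1), tier))
    return alerts


# Constructed hourly API-call counts for one principal: steady usage, burst at hour 30.
HOURLY_CALLS = [40, 42, 38, 45, 41, 39, 44, 40, 43, 37, 42, 41,
                39, 44, 40, 42, 38, 41, 43, 40, 39, 42, 41, 40,
                42, 39, 41, 43, 40, 41, 900, 42, 40]

if __name__ == "__main__":
    for hour, count, dev, tier in detect(HOURLY_CALLS):
        print(f"hour {hour}: {count} calls, {dev} sigma above baseline -> {tier}")
```

Only the burst at hour 30 is reported; the normal jitter between 37 and 45 calls stays far below the lowest tier, and the hours after the burst are still judged against an unaffected baseline.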
Lacework has also revamped the alerting experience to help organizations better collaborate with teams to prioritize, investigate, and track the status of all alerts. This includes:
- Context-rich insights: Richer insights give the complete
picture of what happened, associated events, timelines, and other details,
helping organizations understand where to focus and make better decisions.
- Configurable bi-directional sync: When teams update an alert in the Lacework user interface or the associated ticket in backend workflow tools like Jira, the alert status is automatically updated on both sides with bi-directional sync for accelerated resolution. Organizations can even give feedback on Lacework alert severity levels, which in turn helps the Polygraph Data Platform learn and optimize modeling to further improve the alerting experience.
- Easy-to-manage alert lifecycle: Teams can more easily organize alerts, view tags, filter to see a specific set of alerts, change the state of an alert to indicate whether it needs to be investigated or has been resolved, and add comments to classify alerts and better collaborate with other teams.
Time-series modeling is available now for Lacework customers in AWS environments. Configurable bi-directional sync enhancements to the Lacework alerting experience are available to select customers in beta.